Closed dxps closed 1 month ago
Dear all,
Have anyone considered this, please?
Refs:
Thanks!
Explicitly adding a newer version of that transitive dependency solves the case:
<dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-compress</artifactId> <version>1.26.1</version> </dependency>
Typically the CVE coming from Spring Boot or Spring Data Redis, we don't address and simply wait for them to be resolved upstream.
Dear all,
Have anyone considered this, please?
Refs:
Thanks!
Explicitly adding a newer version of that transitive dependency solves the case: